Unfortunately, it's impossible to create a vulnerability-free release if we give the major update a code freeze period of a week to provide stability and on the fifth day after the build some software needs a patch. We have to take packages, plugins and core components into account for LibreSSL, OpenSSL, both on amd64 and i386. On top of that image integrity for 4 image types on both architectures again.

Nevertheless, 18.1.1 will be out rather sooner than later to address this properly.

It's a long-term plan to replace the legacy code, but that does not simply include moving /var/etc configuration files somewhere else as that has no user impact. We'd rather start with the GUI to provide an API and associated cleanups. Since components are working that is hard to find a good roadmap spot for.

Instead, we can work on individual changes that you have in mind regarding config files?

Instead, we can work on individual changes that you have in mind regarding config files?

Sure, I think Unbound needs a small tweak, but I am still getting familiar with the setup and opnsense's inner workings for this particular item. For example, I found the config files, but I cannot find the anchor certificates and related files. I'll have to dig deeper before I have more intelligent questions...